in controllers/keycloakclient/chain/process_permissions.go [25:78]
// Serve reconciles the authorization permissions declared in
// keycloakClient.Spec.Authorization with the permissions Keycloak reports for
// that client in realmName.
//
// When Spec.Authorization is nil the method logs that fact and returns nil
// without calling Keycloak. Otherwise each declared permission is converted to
// its gocloak representation and then either updated (when a permission with
// the same name already exists, reusing the existing ID) or created. Entries
// of the fetched map that were not matched by name are passed to
// h.deletePermissions at the end, so the spec acts as the authoritative list.
//
// The first failing step aborts the run and its error is returned wrapped.
// Permissions handled before the failure stay applied, and the final cleanup
// call is skipped, so permissions that are no longer in the spec remain in
// Keycloak until a later run completes.
func (h *ProcessPermissions) Serve(ctx context.Context, keycloakClient *keycloakApi.KeycloakClient, realmName string) error {
	logger := ctrl.LoggerFrom(ctx)

	authz := keycloakClient.Spec.Authorization
	if authz == nil {
		logger.Info("Authorization settings are not specified")
		return nil
	}

	clientID, err := h.keycloakApiClient.GetClientID(keycloakClient.Spec.ClientId, realmName)
	if err != nil {
		return fmt.Errorf("failed to get client id: %w", err)
	}

	// Indexed by permission name below; entries still present after the loop
	// are the ones the spec no longer declares.
	existingPermissions, err := h.keycloakApiClient.GetPermissions(ctx, realmName, clientID)
	if err != nil {
		return fmt.Errorf("failed to get permissions: %w", err)
	}

	for i := range authz.Permissions {
		// Take the element's address so the converter sees the spec entry itself.
		declared := &authz.Permissions[i]

		logger.Info("Processing permission", permissionLogKey, declared.Name)

		representation, convErr := h.toPermissionRepresentation(ctx, declared, clientID, realmName)
		if convErr != nil {
			return fmt.Errorf("failed to convert permission: %w", convErr)
		}

		// NOTE(review): a name listed twice in the spec is updated on its first
		// occurrence and removed from the map, so the second occurrence takes
		// the create path. Confirm whether duplicates are rejected upstream.
		if current, found := existingPermissions[declared.Name]; found {
			// Reuse the server-side ID so the update targets the existing object.
			representation.ID = current.ID

			if updateErr := h.keycloakApiClient.UpdatePermission(ctx, realmName, clientID, *representation); updateErr != nil {
				return fmt.Errorf("failed to update permission: %w", updateErr)
			}

			logger.Info("Permission updated", permissionLogKey, declared.Name)

			// Mark as handled so it is not passed to deletePermissions.
			delete(existingPermissions, declared.Name)

			continue
		}

		if _, createErr := h.keycloakApiClient.CreatePermission(ctx, realmName, clientID, *representation); createErr != nil {
			return fmt.Errorf("failed to create permission: %w", createErr)
		}

		logger.Info("Permission created", permissionLogKey, declared.Name)
	}

	// Only unmatched entries remain in the map at this point.
	return h.deletePermissions(ctx, existingPermissions, realmName, clientID)
}